JPH07226732A - Communication terminal equipment verification device - Google Patents

Abstract

PURPOSE:To secure the confidentiality of a secret key by devising the verification equipment such that decoding of the secret key by an intercept party is more difficult. CONSTITUTION:A base key storage section 11a and a mobile key storage section 31a store plural kinds of secret keys corresponding to plural kinds of key indices for each mobile terminal equipment station. An arithmetic unit 11d calculates an inner produce between a secret key and a random number string to obtain a 1st authenticator, a comparator 11g compares the 1st authenticator with a 2nd authenticator to provide a prescribed enable signal, a base communication section 12 sends a random number string and a key index and receives the 2nd authenticator. A mobile communication section 23 receives the random number string and the key index and sends the 2nd authenticator and the arithmetic unit 31d extracts the secret key corresponding to the key index received from the base communication section 12 from the mobile key storage section and calculates an inner product between the secret key and the received random number string to obtain the 2nd authenticator.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication terminal authentication device between wireless communication stations, and more particularly to a communication terminal authentication device for performing authentication for granting communication permission between a wireless base station and a mobile terminal station.

[0002]

2. Description of the Related Art In recent years, mobile communication using a moving body such as a person or an automobile has been put into practical use. This mobile communication has an advantage that communication can be performed at any place. In particular, high-level services are being provided due to the spread of car phones and mobile phones.

Such mobile communication is performed between a mobile terminal station and a radio base station (also called a center station). A mobile terminal station is a terminal device provided with a wireless communication facility in a mobile body, and a wireless base station manages the mobile terminal station.

When performing wireless communication between the mobile terminal station and the wireless base station, it is determined whether the mobile terminal station desiring a communication connection is an authorized mobile terminal station registered in the wireless base station. Need to determine.

Proving the legitimacy of the mobile terminal station by this discrimination is called authentication. Then, the mobile wireless station transmits an identification code called a unique ID (IDentity) attached to each mobile terminal station to the wireless base station for authentication.

[0006] Even if the identification code is intercepted by another wireless device or the like, data is encrypted and transmitted so that the content is not understood. Traditionally,
As the data encryption processing, for example, DES (Data Encry
ption Standard) method was used. This DES method is a common key method that is an encryption method using the same key or a key pair from which one can be easily derived.
It is one of the above, and is a method in which random numbers, substitutions and transpositions are complicatedly combined. This substitution replaces a character with another character in the manner specified by the key, and transposition replaces the order of the characters.

In this DES method, conversion is performed in units of 64 bits. Then, in a regular mobile terminal station, data is decrypted by transposing and transposing using the predetermined random number.

[0008]

However, since the conventional DES method uses a complicated algorithm, it takes a long processing time to execute it by software. Further, there is a problem in terms of the capacity of the terminal device in order to realize it by hardware.

The present invention has been made in view of the above circumstances, and its object is to realize a secret key easily without being able to easily realize it even with a simple microcontroller. An object of the present invention is to provide a communication terminal authentication device capable of sufficiently maintaining the confidentiality of keys.

[0010]

The present invention has the following constitution in order to solve the above problems. FIG. 1 shows the principle of the present invention. The present invention will be described with reference to FIG.

The communication terminal authentication device of the present invention performs authentication for granting communication permission between the radio base station 10 and the mobile terminal station 21i. The wireless base station 10 includes a terminal authentication unit 1
1 and the base communication part 12. The terminal authentication unit 1 includes a base key storage unit 11a, a calculation device 11d, and a comparison device 11g.

The base key storage unit 11a stores a plurality of types of secret keys Ksi in association with a plurality of types of key indexes IKi for each mobile terminal station. The arithmetic unit 11d calculates the inner product of the secret key and a predetermined random number sequence Ri to obtain the first authenticator MS1i.

The comparison device 11g compares the obtained first authenticator with the second authenticator MS2i and outputs a predetermined permission signal. The base communication unit 12 transmits the random number sequence and the key index and receives the second authenticator.

The mobile terminal station 21i includes a mobile communication unit 2
3 and the authenticator generation part 22. The authenticator generating unit 22 includes a mobile key storage unit 31a and a computing device 31d. The mobile communication unit 23 receives the random number sequence and the key index and transmits the second authenticator.

The mobile key storage unit 31a stores a plurality of types of secret keys in association with the plurality of types of key indexes for each mobile terminal station. The arithmetic unit 31d retrieves the secret key corresponding to the key index received from the base communication unit 12 from the mobile key storage unit and calculates the inner product of this secret key and the received random number sequence to obtain the second authenticator. .

Here, the terminal authenticating unit 11 calculates the inner product of the secret key and the random number sequence and obtains it, and then uses data of a predetermined length from the position based on the secret key as the first authenticator. Good. The authenticator generating unit 22 may calculate the inner product of the secret key and the random number sequence, and then use the data having a predetermined length from the position based on the secret key as the second authenticator.

Further, the terminal authenticating section 11 obtains the inner product of the secret key and the random number sequence by calculation, and then performs the transposition processing based on the secret key as the first authenticator. Good. Note that the authentication generation unit 22 may use, as the second authenticator, data obtained by calculating the inner product of the secret key and the random number sequence and then performing transposition processing based on the secret key.

Further, the terminal authenticating unit 11 may transpose the random number sequence based on the secret key and then use the data obtained by calculating the inner product with the secret key as the first authenticator. . The authentication generation unit 22 may use the data obtained by transposing the random number sequence based on the secret key and then calculating the inner product with the secret key as the second authenticator.

Further, the terminal authentication unit 11 may perform different transposition on the secret key each time the key index changes. Or the logical sum of the secret key,
You may make it perform a logical product, a substitution character, and those combination processing.

Further, a plurality of conversion processes are prepared as a pre-process or a post-process for the inner product process using the secret key,
The processing may be performed by selecting any of the plurality of conversion processing. As a plurality of conversion processes, for example, logical sum,
It is a logical product, an exclusive logical sum, a substitution character, and a combination process thereof.

By performing such processing, it becomes more difficult to decipher the private key, and therefore the confidentiality of the private key can be maintained.

[0022]

According to the present invention, in the wireless base station 10, the terminal authenticating section 11 reads one secret key corresponding to the key index from the plural kinds of secret keys from the base key storing section 11a. Then, this key index and the random number sequence R
The base communication unit 12 transmits i and i.

Next, in the mobile terminal station 21i, when the mobile communication unit 23 receives the key index IKi and the random number sequence Ri, the private key corresponding to the key index IKi is read from the mobile key storage unit 31a. Then, the arithmetic unit 31d calculates the inner product of this secret key and the received random number sequence to obtain the second authenticator, and the mobile communication unit 23 transmits the second authenticator.

Further, in the radio base station 10, the base communication unit 12 receives the second authenticator. Arithmetic unit 11d
Calculates the inner product of the secret key and the output random number sequence to obtain the first authenticator MS1i, and the comparison device 11g compares the obtained first authenticator with the second authenticator MS2i. Then, a predetermined permission signal is output.

That is, according to the present invention, since each mobile terminal station has a plurality of types of secret keys and any one of a plurality of types of secret keys can be designated by the key index, one secret key is provided for each mobile terminal station. More than that, it makes it more difficult for an eavesdropper to decipher the private key. Therefore, the confidentiality of data can be maintained.

[0026]

Embodiments of the communication terminal authentication apparatus of the present invention will be described below. FIG. 2 is a first embodiment of the communication terminal authentication device of the present invention.
It is a configuration block diagram of. <Embodiment 1> As shown in FIG. 2, the communication terminal authentication device comprises a radio base station 10 and a plurality of mobile terminal stations 21, and between the radio base station 10 and each mobile terminal station 21 (21a to 21n). Wireless communication.

The radio base station 10 includes a terminal authentication unit 11, a base communication unit 12, and a control unit 13. Each mobile terminal station 21
(21a to 21n) are authenticator generating units 22 (22a to 22n).
n), mobile communication unit 23 (23a to 23n), control unit 24
(24a to 24n).

In the wireless base station 10, the terminal authentication unit 11
Is a mobile terminal station 21 (21a to 21n) capable of communication connection.
A plurality of types of secret keys Ksi (Ksi1, Ksi2 ...
, Ksin) (s is 1 or more m) and the key index IKi (s = IKi, IKi is 1 or more m).
And are stored in the key database 11a in association with each other. In addition, the terminal authentication unit 11 uses the random number sequence Ri (ri1, ri2.
.., rin) (each element has a predetermined bit width) and outputs it to the mobile terminal station 21 (21a to 21n).

The radio base station 10 uses the key index IKi
Secret key Ksi (Ksi1, Ksi2.
.., Ksin) and the output random number sequence Ri (ri1, ri
2 ..., rin) and outputs the communication permission signal or the communication refusal signal by comparing the first authenticator MS1i obtained by calculating the inner product with the second authenticator received from the mobile terminal station 21. To do.

The base communication unit 12 transmits the random number sequence Ri and the key index IKi, and at the same time, the second authenticator MS2.
i is received. The control unit 13 controls the entire wireless base station 10 and also controls the operations of the terminal authentication unit 11 and the base communication unit 12.

The random number sequence Ri and the secret key are, for example, code sequences of 512 bits each, and the length of the element is 8 bits. In the mobile terminal stations 21a to 21n, the mobile communication unit 2
3a to 23n are a random number sequence Ri and a key index IK, respectively.
While receiving i, the second authenticator MS2i is transmitted. The authenticator generating units 22a to 22n use the secret key K corresponding to the key index IKi among the plural types of secret keys Ksi.
The second authenticator MS2i obtained by calculating the inner product of si and the received random number sequence Ri is output to the radio base station 10.

The control units 24a to 24n are connected to the mobile terminal station 21.
The mobile communication unit 23a controls the entire a to 21n.
23n and the authenticator generating units 22a to 22n are moved.

Next, the specific configurations of the terminal authenticator section 11 provided in the radio base station 10 and the authenticator generating section 23 provided in the mobile terminal station 21 will be described. FIG. 3 is a configuration block diagram of the terminal authentication unit 11 of the first embodiment. The terminal authentication unit 11 includes a key database 11a and a random number generator 11
b, output device 11c, arithmetic device 11d, post-processing device 11
e, an input device 11f, a comparison device 11g, and a control circuit 11h for controlling each device.

The key database 11a contains a plurality of types of secret keys Ks for each communicable mobile terminal station 21a to 21i to 21n.
i (Ksi1, Ksi2 ..., Ksin) and the key index IKi (s = IKi, IKi is 1 or more m) are stored in association with each other. Here, i indicates an arbitrary mobile terminal number and is 1 or more and n. n indicates the number of all terminals. Since s is 1 or more and m, multiple types of secret keys K
m types of si are prepared for each mobile terminal station.

That is, when expressed by a mathematical expression, it becomes like the expression (1). s = IKi (1) FIG. 4 shows the correspondence between a plurality of types of secret keys stored in the key database and the key index. As shown in FIG. 4, for the mobile terminal station 21i, a plurality of types of key indexes IK
i (IK1i, IK2i ... IKmi) and a plurality of types of secret keys Ksi (K1i, K2i ... Kmi) correspond to each other.

The control unit 13 retrieves the secret key Ksi corresponding to the key index IKi from the key database 11a. The random number generator 11b includes the control unit 13 shown in FIG.
In response to the command from, the key index IKi and a random number sequence Ri that changes depending on the date / time are generated.

The output device 11c amplifies the random number sequence Ri generated by the random number generation device 11b, the key index IKi, and the predetermined permission signal YN output from the comparison device 11g, which will be described later, to a constant output level and outputs the output signal.

The arithmetic unit 11d calculates the inner product of the secret key Ksi stored in the key database 11a and the random number sequence Ri generated by the random number generator 11b, and calculates the inner product sequence MS1i.
Ask for.

That is, when expressed by a mathematical expression, it becomes like the expression (2). MSi = ΣKsij × rij (2) Note that j is changed from 1 to n.

The post-processing device 11e performs post-processing on the inner product sequence MS1i obtained by the arithmetic device 11d based on the secret key Ksi to obtain the first authenticator S1i. That is,
When expressed by a mathematical formula, it becomes like a formula (3).

Si = TKi (MSi) (3) Here, TKi (MSi) is a function for extracting the data at the position defined by the key as Si among MSi. That is, the bit length of Si is Ns and the bit length of MSi is Nm. At this time, Nm is larger than Ns, and K
The extraction position of Si is changed according to the value of i.

For example, FIG. 5 shows an example of an authenticator determination method. FIG. 5A shows an example of the inner product sequence MSi, and FIG.
Shows a table 80 in which the key Ki and the authenticator Si are associated with each other. Here, for simplicity, the inner product sequence MSi is 16 bits and the authenticator Si is 8 bits. In FIG. 5A, the inner product sequence 70 has 16 bits, and the key 71 has the first 4 bits.

In the table 80 shown in FIG. 5B, when the key is "0000", "10111110" from the first (upper 1 bit) to 8 bits is the authenticator Si. When the key is “0001”, the second to eighth bits “01111100” are the authenticator S.
i.

As a method of determining the authenticator Si, conversely to the above, the lower 1 bit of the inner product sequence may be selected in order. The input device 11f receives the second authenticator S2i received by the base communication unit 12. Comparison device 11g
Compares the authenticator S1i output from the post-processing device 11e with the authenticator S2i output from the input device 11f, and outputs a predetermined permission signal YN. Specifically, the authenticator S1i and the authenticator S2 output from the input device 11f.
If i and i match, a communication permission signal is output, and if not, a communication refusal signal is output.

FIG. 6 is a configuration block diagram of the authenticator generating unit 22a of the first embodiment. Authenticator generators 22b, 22c ...
Since 22n have the same configuration, the configuration of the authenticator generating unit 22a will be described here.

The authenticator generating section 22a includes an input device 31f,
Computing device 31d, secret key table 31a, post-processing device 3
1e, the output device 31c, and the control circuit 31h.

The input device 31f receives the random number sequence R1 received by the base communication unit 12. The arithmetic unit 31d calculates the inner product of the secret key Ksi and the received random number sequence R1 by using the equation (2) to obtain the inner product sequence MS21.

The secret key table 31a stores the same contents as the contents stored in the key database 11a. That is, the private key table 31a is stored in the mobile terminal station 21.
A plurality of types of secret keys Ksi and a plurality of types of secret keys Ksi for each
Key index IKi (s = IKi,
IKi is 1 or more and m. ) And are stored in association with each other.
The secret key table 31a stores plural kinds of secret keys Ksi and key indexes IKi as shown in FIG.

The post-processing device 31e performs the same post-processing of the equation (3) on the inner product sequence MS21 obtained by the arithmetic device 31d based on the secret key, obtains the authenticator MS21, and outputs it to the output device 31c. To do.

The output device 31c amplifies the authenticator MS21 output from the post-processing device 31e to a constant output level and outputs it to the radio base station 10. FIG. 7 shows a processing flowchart of the wireless base station 10 of the first embodiment. The operation of the wireless base station 10 will be described using the processing flow shown in FIG. 7. First,
In the radio base station 10, the random number generator 11b generates a random number R
i and the key index IKi are generated (step 10
1) The output device 11c amplifies the random number sequence Ri and the key index IKi to a predetermined output level. Then, the base communication unit 12 transmits the random number sequence Ri and the key index IKi to each mobile terminal station 21a to 21n (step 10).
2).

Next, the second authenticator S2i transmitted from the mobile terminal station 21 is received (step 103). The second authenticator obtained by the mobile terminal station 21 will be described with reference to the processing flowchart of the mobile terminal station 21.

Further, from the secret key database 11a, the secret key Ksi corresponding to the key index IKi is retrieved from the plural kinds of secret keys in the mobile terminal station 21 to be communicated (step 104). Then, using the equation (2), the inner product sequence MS2 of the random number sequence Ri and the extracted secret key Ksi
i is calculated (step 105). The details of the inner product calculation will be described later.

Furthermore, the first authenticator S1i is obtained by performing the extraction processing by the equation (3) based on the obtained inner product sequence MS1i (step 106). The second authenticator of the mobile terminal station 21 received in step 103 and step 10
The comparison with the first authenticator obtained in 6 is performed.

It is determined whether or not the mobile terminal station 21 is a terminal station which is properly registered in the radio base station 10 (step 10).
8). That is, it is determined whether or not the second authenticator of the mobile terminal station 21 received in step 103 and the first authenticator obtained in step 106 match. Here, if the first authenticator and the second authenticator match, the process ends. If not, the process returns to step 101.

That is, each mobile terminal station 21 has a plurality of types of secret keys Ksi and a plurality of types of secret keys Ksi.
Since any one of the above can be specified by the key index IKi, the number of secret keys for each mobile terminal station increases from one secret key, making it more difficult for an eavesdropper to decipher the secret key. Therefore, the confidentiality of data can be maintained.

FIG. 8 shows a processing flowchart of the mobile terminal station. First, each of the mobile terminal stations 21a to 21n waits for reception of the key index IKi and the random number sequence Ri transmitted from the radio base station 10 (step 111). Then, when the input device 31f receives the key index IKi and the random number sequence Ri, the arithmetic device 31d retrieves the secret key Ki corresponding to the key index IKi from the secret key table 31a (step 112).

Further, the arithmetic unit 31d has a step 11
From the random number sequence Ri received in 1 and the secret key extracted in step 112, the inner product is calculated using the equation (2), and the inner product sequence M
S2i is calculated (step 113).

Next, the post-processing device 31e causes the step 113 to proceed.
The second authenticator S2i is obtained by performing an extraction process based on the inner product sequence MS2i obtained in (step 11
4). The second authenticator obtained in step 114 is transmitted to the wireless base station 10 (step 116).

Next, a concrete processing procedure of the inner product calculation processing and the post-processing will be described. FIG. 9 shows an inner product processing flowchart of the first embodiment. In FIG. 9, first, the variable j and the inner product sequence MSi are initialized. Here, "1" is substituted for the variable j, and "1" is substituted for the inner product sequence MSi (step 121).

Next, the inner product calculation is performed. Here, the jth bit (Ksij) of the secret key Ksi and the j of the random number sequence ri.
The inner product sequence MSi added to the inner product with the th bit (rij) is substituted as the inner product sequence MSi (step 122). Then, the value of the variable j is incremented by 1 (step 123).

Next, it is judged whether or not the value of the variable j exceeds a predetermined number (n + 1) (step 124). here,
When the variable j exceeds a predetermined number (n + 1), the inner product process is terminated. If not, the process returns to step 122.

FIG. 10 shows a post-processing flowchart of the first embodiment. In FIG. 10, the arithmetic unit is the secret key table 3
The private key Ksi is extracted from 1a (step 125).
Next, using the table as shown in FIG. 5, the inner product sequence MSi
The taking-out position of is determined by the value of the secret key Ksi (step 126). Then, the authenticator Si at an arbitrary position is taken out (step 127). <Second Embodiment> Next, a second embodiment of the present invention will be described. The second embodiment is different in that the transposing process is performed instead of the extraction process in the post-processing of the first embodiment.

FIG. 11 shows a post-processing flowchart of the second embodiment. In this case, transposition processing is performed as post-processing. The arithmetic unit 31d extracts the secret key Ksi from the secret key table 31a (step 125). And
After calculating the inner product sequence MSi from the random number sequence Ri and the key Ksi, the inner product sequence MSi is transposed based on the key Ki (step 128).

That is, the transposing process of the authenticator Si is performed based on the inner product sequence MS obtained in step 114. For example, as shown in FIG. 12, when the key is "000", the data before transposition "A1, A2 ... An" is replaced with the data after transposition "An, A1, A2 ... An _-1 ". Transpose like. Further, when the key is “010”, the data “A3, A1 ... An” before transposition is changed to the data “A1, A after transposition”.
3, A2 ... An ”.

By carrying out such transposition processing, the confidentiality of the private key can be maintained. <Third Embodiment> Next, a third embodiment of the present invention will be described. The third embodiment is a combination of the extraction processing in the post-processing of the first embodiment and the transposition processing of the second embodiment.

FIG. 13 shows a post-processing flowchart of the third embodiment. First, the arithmetic unit extracts the secret key Ksi (step 125). Next, as shown in FIG. 12, transposition processing of the inner product sequence MSi is performed based on the key (step 128).

That is, the transposing process of the authenticator is performed based on the inner product sequence MS obtained in step 114. Further, the extraction position of the inner product sequence MSi is determined from the secret key Ksi and extracted (step 129).

In this case, by performing the transposition process and the extraction process, it becomes more difficult to decipher the private key, and the confidentiality of the private key can be maintained. <Fourth Embodiment> Next, a fourth embodiment of the present invention will be described. FIG. 14 shows a block diagram of the configuration of the terminal authentication unit of the fourth embodiment. In the fourth embodiment, in the terminal authentication unit 44, the preprocessing device 11 is provided between the random number generation device 11b and the arithmetic device 11d.
The difference from the first embodiment is that j is included. In FIG. 14, the preprocessing device 11j has a key index IKi in the mobile terminal station 21 to communicate with from the key database 11a.
The secret key Ksi corresponding to is extracted and the exclusive OR of the secret key Ksi and the random number sequence Ri output from the random number generator 11b is calculated.

FIG. 15 is a block diagram showing the configuration of the authenticator generating unit according to the fourth embodiment. The fourth embodiment is different from the first embodiment in that the authenticator generating unit 54 includes a preprocessing device 31j between the input device 31f and the arithmetic device 31d. Figure 1
5, the preprocessing device 31j uses the secret key from the secret key table 31a and the random number sequence Ri from the input device 31f.
XOR with.

Since such preprocessors 11j and 31j are used, even if the code string of the authenticator or the like is intercepted, it becomes more difficult to analyze the content by the exclusive OR processing, so the communication content The confidentiality of can be secured.

FIG. 16 shows a processing flowchart of the radio base station of the fourth embodiment. The processing of the wireless base station according to the fourth embodiment having the above configuration will be described. First, the wireless base station 1
At 0, the random number generator 11b generates a random number Ri and a key index IKi (step 401), and the random number sequence Ri
And the key index IKi are amplified to a predetermined output level by the output device 11c. Then, the base communication unit 12 assigns the random number sequence Ri and the key index IKi to each mobile terminal station 21a.
To 21n (step 402).

Next, the authenticator transmitted from the mobile terminal station 21 is received (step 403). The authenticator obtained by the mobile terminal station 21 will be described with reference to the processing flowchart of the mobile terminal station 21.

Further, the private key Ksi corresponding to the mobile terminal station 21 with which the private key Ksi is to be communicated is retrieved from the private key database 11a (step 404). Then, exclusive OR processing is performed as preprocessing on the random number sequence and the key index (step 405).

FIG. 17 shows a preprocessing flowchart. In FIG. 17, the preprocessing device 11j takes out the extracted secret key K.
The exclusive OR of si and the random number sequence Ri is calculated (step 420). Then, the arithmetic unit 11d calculates the inner product of the random number Ri and the secret key Ksi to obtain the inner product sequence MSi (step 406).

Further, based on the obtained inner product sequence, the post-processing device 11e performs transposition processing or extraction processing to obtain an authenticator (step 407). Next, the mobile terminal station 21 received by the comparison device 11g in step 103
The second authenticator of 1 is compared with the first authenticator obtained in step 407 (step 408).

Then, the mobile terminal station 21 makes the radio base station 10
It is determined whether or not the terminal station is properly registered in (step 409). That is, it is determined whether or not the authenticator of the mobile terminal station 21 received in step 403 and the authenticator obtained in step 407 match. Here, if the first authenticator and the second authenticator match, the process ends. If not, the process returns to step 401.

In such an apparatus, since the pre-processing and the post-processing are added, it becomes more difficult to decipher the secret key. FIG. 18 shows a processing flowchart of the mobile terminal station. First, in each of the mobile terminal stations 21a to 21n, the key index IKi and the random number sequence R transmitted from the radio base station 10 are transmitted.
Wait for reception of i (step 411). When the input device 31f receives the key index IKi and the random number sequence Ri, the arithmetic device 31d extracts the secret key Ki corresponding to the key index IKi (step 412).

Further, after the preprocessing device 31j performs the exclusive OR processing as the preprocessing (step 413), the arithmetic device 31d uses the random number sequence Ri received in step 411 and the secret key extracted in step 112. The inner product is calculated to obtain the inner product sequence (step 414).

After the post-processing device 31e performs post-processing extraction processing from the inner product sequence (step 415), the post-processing device 31e transmits it to the radio base station 10 as a second authenticator (step 416). <Fifth Embodiment> Next, a fifth embodiment of the present invention will be described. FIG. 19 shows a block diagram of the configuration of the terminal authentication unit 45 of the fifth embodiment. The fifth embodiment differs from the fourth embodiment in that the terminal authentication unit 45 includes a conversion device 11k that converts a key index. In FIG. 19, the conversion device 11
k is a plurality of types of key conversion methods prepared, and the key database 1 is composed of a plurality of types of key indexes IKi.
The secret key from 1a is subjected to conversion processing, such as transposition processing, exclusive OR processing, and character substitution processing.

For example, when the key index is "00" as shown in FIG. 21, the keys "K1, K2 before transposition"
Keys "Kn, K1, K2 ... After transposing K3 ... Kn"
・ Transpose to “K _n-1 ”.

The substitution processing is to prepare a plurality of substitution tables and refer to the substitution table corresponding to the value of the key index to perform the substitution of the key. This substitution processing is also a kind of transposition processing.

FIG. 20 is a block diagram showing the configuration of the authenticator generating unit according to the fifth embodiment. The fifth embodiment differs from the fourth embodiment in that the authenticator generation unit 55 includes a conversion device 31k that converts a key index. 20, the conversion device 31k has the same configuration as that of the conversion device 11k shown in FIG. 19, and performs a conversion process of a secret key using a plurality of types of key indexes IKi, such as a transposition process as shown in FIG.

Since the above conversion devices 11k and 31k are used, even if the code string of the authenticator or the like is intercepted, it is more difficult to analyze the contents by the transposition process of the key by the key index. The confidentiality of the contents can be secured.

FIG. 22 shows a processing flowchart of the wireless base station of the fifth embodiment. The processing of the wireless base station according to the fifth embodiment configured as above will be described. First, the wireless base station 1
At 0, the random number generator 11b generates a random number Ri and a key index IKi (step 501), and the random number sequence Ri
And the key index IKi are amplified to a predetermined output level by the output device 11c. Then, the base communication unit 12 assigns the random number sequence Ri and the key index IKi to each mobile terminal station 21a.
To 21n (step 502).

Next, the authenticator transmitted from the mobile terminal station 21 is received (step 503). Mobile terminal station 2 to communicate secret key Ksi from secret key database 11a
The private key corresponding to 1 is taken out (step 504). Then, the conversion device 11k converts the key with the key index IKi (step 505), and the preprocessing device 11j performs preprocessing on the converted key and random number sequence (step 506).

Further, the arithmetic unit 11d calculates the inner product of the random number sequence Ri and the secret key Ksi (step 507). An authenticator is obtained by performing transposition processing or extraction processing based on the obtained inner product sequence (step 508).

Then, the received authenticator of the mobile terminal station 21 is compared with the authenticator obtained in step 508 (step 509). The mobile terminal station 21 is the radio base station 10
It is determined whether or not the terminal station is properly registered in (step 510). That is, it is determined whether or not the received authenticator of the mobile terminal station 21 and the authenticator obtained in step 508 match. Here, if the authenticators match each other, the process ends. Otherwise, step 5
Return to 01.

FIG. 23 shows a processing flowchart of the mobile terminal station. First, each of the mobile terminal stations 21a to 21n waits for reception of the key index IKi and the random number sequence Ri transmitted from the radio base station 10 (step 511). Then, when the input device 31f receives the key index IKi and the random number sequence Ri, the arithmetic device 31d extracts the secret key Ki corresponding to the key index IKi (step 512).

Then, the conversion device 31k performs key conversion using the key index IKi (step 513), and the preprocessing device 31j performs preprocessing on the converted key and random number sequence (step 514). Furthermore, the arithmetic unit 31d is
The inner product is calculated from the random number sequence Ri received in step 511 and the secret key to obtain the inner product sequence (step 515), post-processing is performed (step 516), and the authenticator is transmitted (step 517). <Sixth Embodiment> Next, a sixth embodiment of the present invention will be described. FIG. 24 shows a block diagram of the configuration of the terminal authentication unit of the sixth embodiment. In the sixth embodiment, the terminal authentication unit 46 prepares a plurality of types of conversion methods to be selected for pre-processing and post-processing, and associates the value of the key index IKi with a plurality of types of conversion contents. The conversion database 11m is provided. In FIG. 24, the conversion database 11m is
The key index and conversion contents (logical sum, logical product, exclusive logical sum, transposition, substitution, etc.) as shown in FIG. 25 are stored in association with each other.

For example, when the key index is "000", "logical sum" is the conversion database 11 as the processing to be performed by the pre-processing device 11j and the post-processing device 11e.
selected from m.

FIG. 26 is a block diagram showing the configuration of the authenticator generating unit according to the sixth embodiment. In the sixth embodiment, the authenticator generation unit 56 includes a conversion database 31m having the same configuration as the conversion database 11m shown in FIG.

Such conversion database 11m, 31
Since m is used, various conversion processes can be appropriately selected, and confidentiality of communication contents can be secured. FIG. 27 shows a processing flowchart of the wireless base station of the sixth embodiment. The processing of the wireless base station according to the sixth embodiment having the above configuration will be described. First, in the radio base station 10, the random number generator 1
1b generates a random number Ri and a key index IKi (step 601) and amplifies the random number sequence Ri and the key index IKi to a predetermined output level by the output device 11c.

Then, the base communication unit 12 transmits the random number sequence Ri and the key index IKi to the mobile terminal stations 21a to 21n (step 602). Next, the authenticator transmitted from the mobile terminal station 21 is received (step 60).
3). The private key corresponding to the mobile terminal station 21 to communicate with is extracted from the private key database 11a (step 60).
4). One of the conversions shown in FIG. 25, for example, the logical sum is selected by the key index (step 605), and the logical sum processing is performed on the key as a preprocessing (step 60)
6).

Further, the inner product of the random number sequence Ri and the secret key Ksi is calculated (step 607). An authenticator is obtained by performing transposition processing or extraction processing based on the obtained inner product sequence (step 608).

The received authenticator of the mobile terminal station 21 is compared with the authenticator obtained in step 608 (step 609). It is determined whether or not the mobile terminal station 21 is a terminal station that is properly registered in the wireless base station 10 (step 610).
That is, it is determined whether or not the received authenticator of the mobile terminal station 21 matches the obtained authenticator. Here, if the authenticators match each other, the process ends. If not, the process returns to step 601.

FIG. 28 shows a processing flowchart of the mobile terminal station. First, the mobile terminal stations 21a to 21n wait for reception of the key index IKi and the random number sequence Ri transmitted from the radio base station 10 (step 611). Then, when the input device 31f receives the key index IKi and the random number sequence Ri, the arithmetic device 31d extracts the secret key Ki corresponding to the key index IKi (step 612).

Then, one of the conversions shown in FIG. 25, for example, the logical sum is selected by the key index (step 6
13) The logical sum processing is performed as a pre-processing on the key (step 614). The arithmetic unit 31d calculates an inner product from the random number sequence Ri and the secret key to obtain an inner product sequence (step 6).
15).

Next, based on the obtained inner product sequence, transposition processing or extraction processing is performed to obtain an authenticator (step 616), and the authenticator is transmitted to the radio base station 10 (step 617).

Although the first to sixth embodiments have been described above, according to these embodiments, each mobile terminal station has a plurality of types of secret keys and any one of a plurality of types of secret keys is designated by a key index. Since it is possible, the number of types of secret keys for each mobile terminal station increases from one type of secret key.
It becomes more difficult for an eavesdropper to crack the private key.

That is, if the number of linearly independent random number expressions Ri and the corresponding inner product sequence MSi are known to the interceptor,
The user's private key can be decrypted. Therefore, according to the embodiment, even if one private key is used, a pair of a random number and an authenticator that is about m times (when s of Ksi is set to 1 to m) is required, so that more secure terminal authentication is possible. It can be performed.

Further, by adding processing such as preprocessing, postprocessing, and conversion processing, the security of the secret key can be further secured. The present invention is not limited to the first to sixth embodiments. In the above embodiment, the radio base station 10
However, the mobile terminal station 21 may be provided with the random number generation device described in the above embodiment.

In this case, the mobile terminal station 10 transmits the random number sequence and the authenticator to the radio base station 10. Even with such a configuration, the mobile terminal station can be authenticated.

[0103]

According to the present invention, since each mobile terminal station has a plurality of types of secret keys and any one of a plurality of types of secret keys can be designated by a key index, one secret key is provided for each mobile terminal station. Multiple types of secret keys are added, making it more difficult for an eavesdropper to decipher the secret key. Therefore, the confidentiality of data can be maintained.

[Brief description of drawings]

FIG. 1 is a principle diagram of the present invention.

FIG. 2 is a configuration block diagram of a first embodiment of the present invention.

FIG. 3 is a configuration block diagram of a terminal authentication unit according to the first embodiment.

FIG. 4 is a diagram showing a correspondence between a key index and a secret key.

FIG. 5 is a diagram illustrating an example of a method of determining an authenticator.

FIG. 6 is a configuration block diagram of an authenticator generating unit according to the first embodiment.

FIG. 7 is a processing flowchart of a wireless base station according to the first embodiment.

FIG. 8 is a terminal processing tello chart according to the first embodiment.

FIG. 9 is a flowchart of an inner product process according to the first embodiment.

FIG. 10 is a flowchart of post-processing according to the first exemplary embodiment.

FIG. 11 is a flowchart of post-processing according to the second exemplary embodiment.

FIG. 12 is a diagram illustrating an example of transposition processing.

FIG. 13 is a post-treatment flowchart of Example 3.

FIG. 14 is a configuration block diagram of a terminal authentication unit according to the fourth embodiment.

FIG. 15 is a configuration block diagram of an authenticator generating unit according to the fourth embodiment.

FIG. 16 is a processing flowchart of the wireless base station according to the fourth embodiment.

FIG. 17 is a flowchart of preprocessing according to the fourth embodiment.

FIG. 18 is a terminal processing flowchart of the fourth embodiment.

FIG. 19 is a configuration block diagram of a terminal authentication unit according to the fifth embodiment.

FIG. 20 is a configuration block diagram of an authenticator generating unit according to the fifth embodiment.

FIG. 21 is a diagram illustrating an example of conversion processing.

FIG. 22 is a processing flowchart of the wireless base station according to the fifth embodiment.

FIG. 23 is a terminal processing flowchart of the fifth embodiment.

FIG. 24 is a configuration block diagram of a terminal authentication unit according to the sixth embodiment.

FIG. 25 is a diagram illustrating another example of the conversion process.

FIG. 26 is a configuration block diagram of an authenticator generating unit according to the sixth embodiment.

FIG. 27 is a processing flowchart of the wireless base station according to the sixth embodiment.

FIG. 28 is a terminal processing flowchart of the sixth embodiment.

[Explanation of symbols]

 10 ... Radio base station 11 ... Terminal authentication unit 12 ... Base communication unit 13, 24a-24n ... Control unit 21a-21n ... Mobile terminal station 22a-22n ... Authenticator generation unit 23a-23n ... Communication unit 11a ... Key database 11b ... Random number generator 11c, 31c ... Output device 11d, 31d ... Arithmetic device 11e, 31e ... Post-processing device 11f, 31f. Control circuit 11k Conversion device 11m Conversion database IKi Key index Ksi Private key Si Authenticator MSi Inner product sequence Ri Random number sequence

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification code Internal reference number FI Technical display location G09C 1/00 310 9364-5L H04Q 7/38

Claims (5)

[Claims] 1. A radio base station (10) and a mobile terminal station (21)
i) A communication terminal authentication device that performs authentication for granting communication permission with the wireless base station (10), wherein the wireless base station (10) has a plurality of types of secret keys (Ksi) and a plurality of types for each mobile terminal station. Of the secret key and a plurality of types of key indexes (IKi) designating each secret key are associated with each other, and the inner product of the secret key and a predetermined random number sequence (Ri) is calculated. A computing device (11d) that obtains the first authenticator (MS1i) and a comparing device (11g that compares the obtained first authenticator and the second authenticator (MS2i) and outputs a predetermined permission signal. ) And a base communication unit (12) that transmits the random number sequence and the key index and receives the second authenticator, the mobile terminal station (21i) , When receiving the random number sequence and the key index Mobile communication unit (23) and, wherein each mobile terminal station a plurality of types of secret keys and the mobile key storage unit that associates a plurality of types of the key index for transmitting the second authenticator to be (31
a) and the secret key corresponding to the key index received from the base communication unit (12) is taken out from the mobile key storage unit and the inner product of this secret key and the received random number sequence is calculated to calculate the second authenticator. A communication terminal authentication device, comprising: an authenticator generation unit (22) having a computing device (31d) for obtaining 2. The terminal authentication unit (1) according to claim 1,
1) is a communication terminal authentication, characterized in that after calculating an inner product of the secret key and a random number sequence, data having a predetermined length from the position based on the secret key is used as the first authenticator. apparatus. 3. The terminal authentication unit (1) according to claim 1,
1) is a communication terminal, characterized in that after the inner product of the secret key and the random number sequence is calculated and obtained, the data transposed based on the secret key is used as the first authenticator. Authentication device. 4. The terminal authentication unit (1) according to claim 1,
1) is a communication terminal authentication device, characterized in that after transposing the random number sequence based on the secret key, data obtained by calculating an inner product with the secret key is used as the first authenticator. . 5. The terminal authentication unit (1) according to claim 1,
1) The communication terminal authentication device, wherein different transposition is performed on the secret key every time the key index changes.